From nobody@FreeBSD.org  Thu Feb  1 11:02:24 2001
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 9AA6A37B503
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  1 Feb 2001 11:02:23 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f11J2Ng04677;
	Thu, 1 Feb 2001 11:02:23 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200102011902.f11J2Ng04677@freefall.freebsd.org>
Date: Thu, 1 Feb 2001 11:02:23 -0800 (PST)
From: gabriel_ambuehl@buz.ch
To: freebsd-gnats-submit@FreeBSD.org
Subject: Why isn't bind always running as -u bind -g bind
X-Send-Pr-Version: www-1.0

>Number:         24784
>Category:       misc
>Synopsis:       Why isn't bind always running as -u bind -g bind
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          wish
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 01 11:10:01 PST 2001
>Closed-Date:    Fri Nov 16 16:12:40 PST 2001
>Last-Modified:  Fri Nov 16 16:14:08 PST 2001
>Originator:     Gabriel Ambuehl
>Release:        4.2 STABLE
>Organization:
>Environment:
>Description:
I've been wondering why bind isn't run as user bind group bind by default. I mean it's widely known that this isn't the most secure piece of software outthere so I'd say it really make sense to run it with the least permissions possible. /etc/defaults/rc.conf got the corresponding line commented out in favor of a normal running bind...
>How-To-Repeat:
Wait for the exploits to see why I mention this.
>Fix:
Kill the comment before
#named_flags="-u bind -g bind"  # Flags for named

in /etc/defaults/rc.conf

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed 
State-Changed-By: kris 
State-Changed-When: Fri Feb 2 02:42:09 PST 2001 
State-Changed-Why:  
Suggestion is under consideration 

http://www.freebsd.org/cgi/query-pr.cgi?pr=24784 

From: Kris Kennaway <kris@obsecurity.org>
To: gabriel_ambuehl@buz.ch
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: misc/24784: Why isn't bind always running as -u bind -g bind
Date: Fri, 2 Feb 2001 02:42:34 -0800

 --OgqxwSJOaUobr8KG
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 On Thu, Feb 01, 2001 at 11:02:23AM -0800, gabriel_ambuehl@buz.ch wrote:
 
 > I've been wondering why bind isn't run as user bind group bind by
 > default. I mean it's widely known that this isn't the most secure
 > piece of software outthere so I'd say it really make sense to run it
 > with the least permissions possible. /etc/defaults/rc.conf got the
 > corresponding line commented out in favor of a normal running
 > bind...
 
 Running it like this won't work for every system since named can't
 rebind to interfaces which change address or which are added after the
 program is started. However, it's something we're considering doing.
 
 Kris
 
 --OgqxwSJOaUobr8KG
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.0.4 (FreeBSD)
 Comment: For info see http://www.gnupg.org
 
 iD8DBQE6eo8aWry0BWjoQKURAnuxAJ0fhJpf1OhzghJsUua7XzsAmpiMWQCbBSD6
 DIMpe+3EqjdFTroSwuczjPI=
 =ZJgW
 -----END PGP SIGNATURE-----
 
 --OgqxwSJOaUobr8KG--
 
State-Changed-From-To: analyzed->closed 
State-Changed-By: jedgar 
State-Changed-When: Fri Nov 16 16:12:40 PST 2001 
State-Changed-Why:  
o please see recent (within the last few months) mailing list 
discussions on this subject. 
o no response from submitter in 10 months. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=24784 
>Unformatted:
